Author Topic: COMODO Cleaning Essentials ( Wishlist )  (Read 76553 times)

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3079
    • Suspicious file?
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #15 on: December 25, 2010, 10:06:12 AM »
Ooohh, crap, you' re right.

Offline jovan111p

  • CESMUser
  • Comodo's Hero
  • *
  • Posts: 525
  • After every fall I get up, never give up!!!
    • Comodo Internet Security Complete, take a look on best protection on the Net
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #16 on: December 25, 2010, 01:03:11 PM »

When you click twice one a process and go to "Verdict" you will see DACS results, CAMAS results and other.

Why I have blank page in this case ( I click in KillSwitch)?

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #17 on: December 25, 2010, 01:10:59 PM »
Why I have blank page in this case ( I click in KillSwitch)?

Only the unknown files are sent to DACS.

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #18 on: December 25, 2010, 02:59:49 PM »
A % showing the progress of the files being uploaded would be nice.
Also CCE should have an option to scan and detect all the unknown files in my computer with a dangerous extension and upload them to DACS, so I will not need to left open KillSwitch all the time to upload the programs that I also have to left opened and everything will be done with 1 scan.

+1000
An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
    • Video Blog
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #19 on: December 25, 2010, 09:47:10 PM »
+1000

doesn't that how killswitch work at the moment?

all the unknown files are automatically checked...

am i missing something?

Offline Arkose

  • Comodo Member
  • **
  • Posts: 43
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #20 on: December 25, 2010, 11:10:54 PM »
I would like to see improved portability. In the current beta CCE saves its settings in the registry while KillSwitch uses the user profile; CCE also leaves some DACS logs in the user profile (tested on XP SP3). The end result is that it's currently impossible to preconfigure either product in preparation for using it on other systems.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #21 on: December 26, 2010, 01:05:46 AM »
No files, or registry entries, should be removed without user interaction.

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #22 on: December 26, 2010, 06:39:17 AM »
As I said in the usability study group I would like to CCE to supoort multi core cpu and that CCE has cpu management where you can select the amount cpu cores and how much of the cpu it should use; you will be able to scan without slow down. I have seen that it uses 50% which is okey; cmdagent uses more.

Regards,
            Valentin N
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #23 on: December 26, 2010, 11:44:18 AM »
doesn't that how killswitch work at the moment?

all the unknown files are automatically checked...

am i missing something?

hello Melih

we are talking about the full scan option in CCE , we want all the unknown files on the hard drive to be checked by DACS or at least all the suspicious files on the hard dirve  , not only the active processes.

have a look here plz ..

https://forums.comodo.com/comodo-cleaning-essentials-cce-killswitch/comodo-cleaning-essentials-1117429427-beta-ready-t66867.0.html;msg471149#msg471149
An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Offline Budda

  • Comodo Loves me
  • ****
  • Posts: 178
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #24 on: December 26, 2010, 03:19:36 PM »
In CCE, if the antivirus portion that downloads the database scanner file  is the same engine and database as Comodo Antivirus, then have a function that simply copies/pastes the database file from CAV to CCE if it detects CAV is installed on the users computer.

I can't understand why I am downloading the same db twice on my computer if it is the same thing.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #25 on: December 26, 2010, 03:29:09 PM »
How about also offering to scan the files with ThreatExpert and Anubis?

Also, for the behavioral analyzers it would be useful, for advanced users, if you could provide links to the results.

Offline Whoop-dee-doo

  • Cave Dweller
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1109
  • What are you staring at?
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #26 on: December 26, 2010, 08:49:54 PM »
 I thought I would share these wishes with all forum members (they were originally posted in the usability forum, which is accessible only to users with special privileges).

Auto suspend
How about an option for Killswitch to automatically suspend any newly launched process that is unknown, suspicious, or malicious?. If you have this option, it may be helpful in two scenarios:

1) Have a small installer that can install a special "lock-up rescue" version of killswitch. This installer would early-load killswitch on start-up (using a random filename), but this version of killswitch will automatically "suspend all unsafe objects" when it starts.  When an infected system is too bogged down by malware, trying to run killswitch in its current configuration is often impossible.

2) Running Killswitch in background. If you have malware that keeps re-launching new processes, Killswitch will automatically suspend the processes and not let them lock up the machine. This would be most useful for zero-day malware for which there is no signature (so verdict from comodo, other AV vendors, and CAMAS may be unknown).

When the Internet Connection is disabled
 Provide a method to download the latest AV database and white list for CCE. If malware disables the internet connection, then CCE and killswitch cannot access DACS, CAMAS, the cloud, and updates. In this case, you need to download the most up-to-date information from another computer, and transfer the files to the infected computer.

Eliminate traces
Also, it would be nice if CCE eliminated malware "traces". I know the most important issue is getting rid of active or potentially active malware ("acid" cleaning), but getting rid of traces is a nice way to add a "polished shine" on what you've just cleaned.

Tools That Fix system settings
Add tools to scan for and correct system changes made by malware (e.g. deactivation of task manager, home page hijack, disable control panel, etc.). Maybe you can build these into the standard scan.
"The best way to have a good idea is to have a lot of ideas." - Linus Pauling   :-La 

"Don't find fault. Find a remedy." - Henry Ford

Offline arjunpa

  • Comodo's Hero
  • *****
  • Posts: 392
  • Iam Cool
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #27 on: December 26, 2010, 08:56:32 PM »
I thought I would share these wishes with all forum members (they were originally posted in the usability forum, which is accessible only to users with special privileges).

Auto suspend
How about an option for Killswitch to automatically suspend any newly launched process that is unknown, suspicious, or malicious?. If you have this option, it may be helpful in two scenarios:

1) Have a small installer that can install a special "lock-up rescue" version of killswitch. This installer would early-load killswitch on start-up (using a random filename), but this version of killswitch will automatically "suspend all unsafe objects" when it starts.  When an infected system is too bogged down by malware, trying to run killswitch in its current configuration is often impossible.

2) Running Killswitch in background. If you have malware that keeps re-launching new processes, Killswitch will automatically suspend the processes and not let them lock up the machine. This would be most useful for zero-day malware for which there is no signature (so verdict from comodo, other AV vendors, and CAMAS may be unknown).

When the Internet Connection is disabled
 Provide a method to download the latest AV database and white list for CCE. If malware disables the internet connection, then CCE and killswitch cannot access DACS, CAMAS, the cloud, and updates. In this case, you need to download the most up-to-date information from another computer, and transfer the files to the infected computer.

Eliminate traces
Also, it would be nice if CCE eliminated malware "traces". I know the most important issue is getting rid of active or potentially active malware ("acid" cleaning), but getting rid of traces is a nice way to add a "polished shine" on what you've just cleaned.

Tools That Fix system settings
Add tools to scan for and correct system changes made by malware (e.g. deactivation of task manager, home page hijack, disable control panel, etc.). Maybe you can build these into the standard scan.

+1000
Core i5 750 [at] 2.66 GHz
MSI GD65 Motherboard
2 GB RAM
Sapphire HD 5770 1 GB

Offline Whoop-dee-doo

  • Cave Dweller
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1109
  • What are you staring at?
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #28 on: December 26, 2010, 09:06:23 PM »
How about also offering to scan the files with ThreatExpert and Anubis?

+1

Also, for the behavioral analyzers it would be useful, for advanced users, if you could provide links to the results.

Yes, especially the CIMA results.

Color Coding in Killswitch
The colors currently do not reflect the verdict (which is the most important piece of information). The color should be based primarily on verdict (i.e. this characteristic takes priority when color coding is displayed). - See attached pic.
  Safe = white (or perhaps green instead)
  Unknown = yellow
  Suspicious = light red
  Malicious = red

Other criteria (such as CPU usage), should use other colors (such as orange, navy blue, light blue, brown, purple, light purple).
Grey would still show which object is selected.

This would draw attention directly to the worrisome objects.

[attachment deleted by admin]
« Last Edit: December 26, 2010, 09:26:41 PM by Whoop-dee-doo »
"The best way to have a good idea is to have a lot of ideas." - Linus Pauling   :-La 

"Don't find fault. Find a remedy." - Henry Ford

Offline Whoop-dee-doo

  • Cave Dweller
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1109
  • What are you staring at?
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #29 on: December 26, 2010, 11:17:02 PM »
This concept by elliotcroft may be an interesting addition to Killswitch.

Elliotcroft suggests a "process tracking" feature that logs the activities of a process. The user would designate which process he wishes to track, and then Killswitch will create a log for that process.  The tracker may help with debugging and with malware research.

Elliotcroft also proposes a rollback (or "undo") feature. If a process is malicious or causing crashes/freezes, the user can undo all the activities created by the process (it should probably also terminate the main process and all the processes it spawned). Kind of like Time Machine for processes.
« Last Edit: December 26, 2010, 11:38:08 PM by Whoop-dee-doo »
"The best way to have a good idea is to have a lot of ideas." - Linus Pauling   :-La 

"Don't find fault. Find a remedy." - Henry Ford

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek